apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: etcd-backup
  namespace: kube-system
spec:
  # activeDeadlineSeconds: 100
  schedule: "0 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          nodeSelector:
            "nodeType": master
          tolerations:
            - key: node-role.kubernetes.io/master
              effect: NoSchedule
          containers:
          - name: backup
            image: {{ kube_registry_mirrors['google'] }}/google_containers/etcd:{{ kube_etcd_image_version.stdout_lines[0] }}
            env:
            - name: ETCDCTL_API
              value: "3"
            command: ["/bin/sh"]
            args: ["-c", "etcdctl --endpoints=https://127.0.0.1:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key-file=/etc/kubernetes/pki/etcd/healthcheck-client.key snapshot save /backup/etcd-snapshot-$(date +%Y-%m-%d_%H:%M:%S_%Z).db"]
            volumeMounts:
            - mountPath: /etc/kubernetes/pki/etcd
              name: etcd-certs
              readOnly: true
            - mountPath: /backup
              name: backup
          restartPolicy: OnFailure
          hostNetwork: true
          volumes:
          - name: etcd-certs
            hostPath:
              path: /etc/kubernetes/pki/etcd
              type: DirectoryOrCreate
          - name: backup
            hostPath:
              path: {{ kube_docker_path }}/backup/etcd
              type: DirectoryOrCreate
